NBN says chief executive Bill Morrow was left totally in the dark about a Vodafone Hutchison Australia employee's hacking of a Fairfax Media journalist's sources while running the phone company when the act was uncovered.

Mr Morrow took over the top job at Vodafone Australia in March 2012 and the 'hacking' was uncovered in June of that year. But the telco failed to report the matter to police or regulators until earlier this week after the breach was reported by The Australian.

But an NBN spokeswoman told Fairfax Media that Mr Morrow was never informed of either the hacking or its subsequent investigation by any of his team.

Advertisement

"Importantly it has been revealed that the alleged incident was part of a whistleblower investigation which would explain why Mr Morrow was not informed at the time," she said. "Whistleblower claims are conducted under strict confidentiality to maintain the integrity of the process and would not necessarily involve the CEO."

Mr Morrow has said he does not recall the specific hacking incident, denied any wrongdoing and described it as "appalling".

A Vodafone Australia spokeswoman said the telco had not found any signs Mr Morrow was told about the illegal accessing of a journalist's call and text data. The company has apologised to the journalist for the breach.

"VHA has found no evidence that Mr Morrow was made aware of the matter or the independent external report," she said.

The claims are likely to be investigated by the NSW Police, Australian Federal Police and regulators who are looking into the case. Accessing a customer's phone call records and text messages without permission from a court or the individual is a breach of Section 276 of the Telecommunications Act 1997.

But the senior team of Vodafone Australia from 2012 onwards, which includes Mr Morrow, has continued to face criticism.

"The response from Vodafone is essentially that, the incident was a result of a rogue employee," he said. "This 3 wise monkeys defence is offensively inadequate.

"Vodafone's failure to take appropriate action at the time of becoming aware of breaches, to alert the police and individuals concerned, demonstrates the flagrant disregard for privacy by the organisation."

"Here was a very clear example of a company breaching that confidentiality and circumventing any kind of legal procedure that might be out there," he said. "It seems to me that as a matter of good corporate practice, particularly if this was a rogue operation, the company should have told her immediately and they should have told her employer."